
2 commits

3 changed files with 35 additions and 8 deletions


@ -1,4 +1,4 @@
{ lib, ... }: { { lib, config, ... }: {
imports = [ imports = [
../../common ../../common
../../profiles/headless.nix ../../profiles/headless.nix
@ -13,7 +13,9 @@
}; };
kyouma.nginx.defaultForbidden = "florp.social"; kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = { kyouma.restic = let
pgBackup = "/var/cache/postgresql.sql";
in {
enable = true; enable = true;
remoteUser = "zh3485s1"; remoteUser = "zh3485s1";
timerConfig = { timerConfig = {
@ -22,9 +24,21 @@
}; };
paths = [ paths = [
"/var/lib/akkoma" "/var/lib/akkoma"
"/var/lib/postgresql"
"/var/lib/secrets" "/var/lib/secrets"
pgBackup
]; ];
backupPrepareCommand = ''
umask 0077
rm -f -- ${pgBackup}
${lib.getExe' config.services.postgresql.package "pg_dumpall"} \
-U ${config.services.postgresql.superUser} \
-f ${pgBackup}
'';
backupCleanupCommand = ''
rm -f -- ${pgBackup}
'';
}; };
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
address = [ address = [
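Review bot: The file written by `backupPrepareCommand` is an unencrypted `pg_dumpall` of every database, role definitions included, at the fixed path `/var/cache/postgresql.sql`, so it stays on disk if the unit is killed before `backupCleanupCommand` runs. The `umask 0077` and the `rm -f` before the dump are the right guards, and I would record why they are there with a comment above the `let`, e.g. `# plaintext dump of all databases and roles; owner-only via umask, removed again in backupCleanupCommand`. The hunk also does not show which account the backup unit runs as: `pg_dumpall -U ${config.services.postgresql.superUser}` only succeeds if that account is allowed to authenticate as the superuser, so that assumption is worth stating next to the command. The `kyouma.restic` attribute set starts and ends outside the hunks shown.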


@ -437,11 +437,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731185407, "lastModified": 1731187545,
"narHash": "sha256-4LdV+ZK7slyONezfW3aZmBuTt4lnxBTmREemBW7VBtk=", "narHash": "sha256-n/BOlXvOcX5yn2mbjazfCcbojzczCdmcjQNaH7Dcdd4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "1d3098ad7775426c092a5bd13498d98a8b02b116", "rev": "1845276697adca236be3e7a983238d2a2d0d57b5",
"revCount": 6, "revCount": 7,
"type": "git", "type": "git",
"url": "https://woof.rip/florp/about.git" "url": "https://woof.rip/florp/about.git"
}, },


@ -48,6 +48,19 @@ in {
Persistent = true; Persistent = true;
}; };
}; };
# FIXME: Can these be just inherited?
backupPrepareCommand = mkOption {
description = "preparation script";
type = with types; nullOr str;
default = null;
};
backupCleanupCommand = mkOption {
description = "cleanup script";
type = with types; nullOr str;
default = null;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets."restic/${cfg.remoteUser}/password" = { sops.secrets."restic/${cfg.remoteUser}/password" = {
@ -58,7 +71,7 @@ in {
}; };
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = { services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
inherit (cfg) paths user pruneOpts timerConfig; inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
initialize = true; initialize = true;
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}"; repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path; passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
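Review bot: The two options added in the first hunk accept a free-form shell script, but their descriptions (`"preparation script"`, `"cleanup script"`) do not say when the script runs or under which account. The values are handed unchanged to `services.restic.backups` by the extended `inherit (cfg) …` line, so the description should say that, e.g. `description = "Shell commands run before the restic backup starts; passed unchanged to services.restic.backups.<name>.backupPrepareCommand.";` with matching text for the cleanup option. A reader setting these options then knows the script runs with whatever privileges the backup unit has, presumably those of `cfg.user`, which is worth confirming. The options block and the `config` block both continue outside the hunks shown.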